5 Replies Latest reply: Dec 29, 2012 1:56 PM by MadMacs0
suziefrompalm desert Level 1 (5 points)

I can no longer access the Guest Account on my iMac running Snow Leopard. Guest account says I have the wrong pwd? Funny thing is I never gave it a pw! Once before I found the Guest Account configured in a lower layer IFrame with several missing programs from my personal account being used by it. No one else has physical access to my iMac, although I often see activity and references to Remote Desktop in my logs and source files.

 

Recently had to have a FirmWare PW removed from my iMac and I've never set the fw pw in the first place. After the firmware reset when I got home and turned it on first time, tells me it doesn't recognize my administrator /user pws? Can these strange but true issues be related? Am I hacked? If so how do I begin to untangle it all? I did go ahead and set the FW password this time as I don't want anyone else to set it for me and have to go through that ordeal again. Is this something I should do, or not? How else can I protect my iMac from these rogue changes and settings/menu/program alterations that keep happening? These things seem to happen in spite of several virus, anti spam, security programs I've installed; or any other security steps I've always tried to follow to prevent being hacked.

 

Started to reinstall Snow Leopard from original disc this evening and Utility tab shows two other volumes installed, that's three total; one being Boot Camp, the other Untitled. I never installed any of these except SL from the original disc. It appears I neither have full access to these other 2 partitions as the i button only shows partial information. Also the verify permissions, users, etc buttons do not allow me to repair, or do anything with these other volumes. Now I'm afraid to try and use the os disc without someone's more knowledgeable guidance, and/or wisdom. I've already made 2 trips to local Apple Store, plus the 3 hour round trip to authorized tech center to get the FW pw reset, so I'm hoping someone on the forum might be able to help me out this time .. argh!


iMac, Mac OS X (10.6.8), Safari shows version 5.0
  • BDAqua Level 10 (119,125 points)

    Hi Suzie,

     

    Not to alarm you, but it does seem somebody got into your Mac remotely.

     

    Disconnect from the Internet & try reinstalling the OS... can you afford to erase & install?

     

    Do you have backups?

     

    ClamXAV, free Virus scanner...

    http://www.clamxav.com/

     

    Free Sophos...

     

    http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition/features.aspx

    http://www.sophos.com/products/enterprise/endpoint/security-and-control/mac/

    Little Snitch, stops/alerts outgoing stuff...

    http://www.obdev.at/products/littlesnitch/index.html

  • MadMacs0 Level 5 (4,415 points)

    Open System Preferences->Sharing and make certain no service is checked as on, unless it's something you need.

     

    If you are on a WiFi network, is it protected by a strong WPA2 password?

     

    I am not aware of any OS X malware that would allow such access to your computer. All the remote access software is either commercial or hacks that require physical or network access to your Mac. MacScan from SecureMac is probably the best at detecting such "spyware" but it also produces false alarms, so make sure anything it finds is what it says it is and not something you need.

     

    I also endorse and use Little Snitch as an outgoing firewall, but it's a bit of a PITA to clear all the legitimate processes.

  • suziefrompalm desert Level 1 (5 points)

    OMG! LiL Snitch was one of the software programs that I found listed in the Guest account previously that had been totally reset, so much so that I couldn't figure out what it was doing and uninstalled it, even though I still have over 6 months of the paid subscription left. Tried installing the clamshell scanning program and 2 pop ups stating that 2 of the files were uninstallable. Also for some reason I cannot find the Library File in my finder App? I just got this G4 Power Mac to try and fix my iMac from but it appears it too has been hacked. That makes it 12 devices I no longer own!! Two G4 Towers, one MacBook, my newer iMac, and 5 XP Pro desktops. Oh yeah and it looks like they are also in control of my BlackBerry, but not too sure about that. I have gone round and round with Verizon as I can see the activity on the modem/router that is clearly not mine.

     

    They swear I am not hacked but I am not able to see, or set the firewall settings on my modem/router that they charged me full price for. I am currently taking them to arbitration via FCC since they refuse to answer my basic and I think valid questions regarding my DSL Broadband account, and my Wireless Cell account, both of which are Business Accounts! I would switch but they have not allowed me full access to my verified domain name and between securing it, and having access to my account until I can trace this all down I'm afraid to close it as then I will have NO access.

     

    <Edited by Host>

  • MadMacs0 Level 5 (4,415 points)

    suziefrompalm desert wrote:

     

    Tried installing the clamshell scanning program and 2 pop ups stating that 2 of the files were uninstallable.

    Assuming you mean ClamXav, you can get assistance at the ClamXav Forum.

    Also for some reason I cannot find the Library File in my finder App?

    That's a new "feature" of OS X. Hold down the option key and select it from the Finder's "Go" menu.

  • MadMacs0 Level 5 (4,415 points)

    Just had another thought. Download IP Scanner from 10base-t interactive, a free for small networks use utility that will show you the IP and MAC addresses of all the devices currently on your network. Over time it will show devices that have joined but are not currently. In many cases it will even be able to identify the type of machine and what user is logged on.
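
The device inventory described in the last reply can also be kept by hand from the ARP table. The sketch below is an added example, not part of the original thread and not how IP Scanner works internally: it parses `arp -a` output in the form OS X prints it, keeps first-seen and last-seen times per MAC address, and lists addresses missing from an allowlist. The sample output, the allowlist and the timestamps are constructed for illustration.

```python
import re

# Constructed sample of `arp -a` output in OS X style (leading zeros dropped).
SAMPLE_ARP = """\
? (192.168.1.1) at 0:1f:90:a:b:c on en0 ifscope [ethernet]
? (192.168.1.10) at 0:25:0:ab:cd:ef on en0 ifscope [ethernet]
? (192.168.1.23) at 7c:6d:62:1:2:3 on en0 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""

# Hypothetical allowlist: MAC addresses of devices the owner recognises.
KNOWN_DEVICES = {"00:1f:90:0a:0b:0c": "router", "00:25:00:ab:cd:ef": "iMac"}

ARP_LINE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9A-Fa-f:]+) on (\S+)")

def normalize_mac(mac):
    """Pad each octet so 0:1f:90:a:b:c compares equal to 00:1f:90:0a:0b:0c."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def parse_arp(text):
    """Return {mac: ip} for resolved unicast entries only."""
    devices = {}
    for line in text.splitlines():
        match = ARP_LINE.search(line)
        if not match:
            continue  # "(incomplete)" entries carry no MAC address
        ip, mac = match.group(1), normalize_mac(match.group(2))
        if len(mac) != 17 or int(mac[:2], 16) & 1:
            continue  # malformed, broadcast or multicast address
        devices[mac] = ip
    return devices

def record_scan(history, devices, when):
    """Merge one scan into the history, keeping first_seen and updating last_seen."""
    for mac, ip in devices.items():
        entry = history.setdefault(mac, {"first_seen": when})
        entry.update(ip=ip, last_seen=when)
    return history

def unknown_devices(history, known=KNOWN_DEVICES):
    """MAC addresses seen at any time that are not on the allowlist."""
    return sorted(mac for mac in history if mac not in known)

if __name__ == "__main__":
    history = record_scan({}, parse_arp(SAMPLE_ARP), "scan-1")
    for mac in unknown_devices(history):
        print("not in allowlist:", mac, history[mac]["ip"])
```

The ARP table only lists devices the computer has recently exchanged traffic with on the local network, so repeated scans give a fuller picture than a single one.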